Custom claims are not added in the token

Selva · March 17, 2020, 2:09pm

Hi

I have written a rule to add a custom claim when retrieving the access token.
The rule gets the claims from an external source and appends as below.

const namespace = 'https://myidserver.auth0.com/';
context.accessToken[namespace + 'claims']  = JSON.stringify(response.data);

Reference: _Rule Examples

Registered an api resource named myAPI.

I am getting the access token from a SPA application. Below are the options given for getting the token.

domain='https://myidserver.auth0.com/'
client_id='client_id'
audience="audience_uri"
redirect_uri='redirect_uri'
responseType="token id_token"
scope="openid name profile https://myidserver.auth0.com/claims"

I am getting the access token from the application using getTokenSilently() method. But my access token has only the default claims. My custom claim is not added.

When the login workflow is called from the application, I can see my console log about adding the claims to the context object from the rule in the logger extension. I also tested the rule manually and everything is good.

Appreciate any inputs to solve this problem. Thanks in advance.

Regards, Selva

mathiasconradt · March 17, 2020, 2:23pm

scope=“openid name profile https://myidserver.auth0.com/claims”

Note: unless you’re checking for this scope in the request within the rule, there’s no need to explicitly add this as additional scope. Is the custom claim always added to the token or only under certain conditions, i.e. when this specific scope is being requested?

Just wanting to rule out that there’s no if/else statement causing the logic to be skipped.

I am getting the access token from the application using getTokenSilently() method.

Rule code looks fine.

Maybe worth testing another grant type, i.e. an easy way would be via Postman and Resource Owner Password Grant (ROPG) to see if it makes a difference. I mean, just for testing, as it’s fairly easy to execute (otherwise not recommending ROPG ;).

Selva · March 17, 2020, 2:52pm

Hi
Thanks for your inputs. I had the same result without the scope in the request. Added it based on the suggestion from the url below.

Let me try from Postman as you suggested.
Thanks, Selva

mathiasconradt · March 17, 2020, 3:11pm

Regarding the link you provided, that’s not a correct info. I added a comment there.

Selva · March 18, 2020, 5:14am

Hi @mathiasconradt

Thanks. I tried with Auth. code grant and ROPC flows in Postman. I am not seeing the claim in both the flows. Below is the output (extracted only access/id tokens) of the rule execution from the test window. I can also see the console logs from the rule when i test the login from my SPA.

The rules context is:

{
 ...
  "accessToken": {
    "https://myIdServer.auth0.com/testclaims": "testclaim"
  },
  "idToken": {
    "https://myIdServer.auth0.com/testclaims": "testclaim"
  }
}

This is the last rule in the pipeline. Am i missing something else?
Thanks in advance.

Regards
Selva

Selva · March 18, 2020, 5:39am

Oops. I found the problem. Namespace format is wrong. Making it as https://www.myIdServer.com/testclaims works properly. To be precise, auth0 should not be there in the namespace. Thanks much for your support
@mathiasconradt.
Reference: Create Custom Claims

konrad.sopala · March 18, 2020, 12:47pm

Thanks a lot for sharing that with the rest of community and glad you have figured it out!

system · April 2, 2020, 12:47pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.